package com.dong.auth.security.authorization;


import com.dong.auth.security.authentication.Authentication;
import com.dong.auth.security.exception.AccessDeniedException;

import java.util.Collection;

/**
 * 安全模块 鉴权模块 抽线
 *
 * @author zhaodc
 * @date 2021/10/21 14:18
 **/
public abstract class AbstractAuthorizationInterceptor {


    /**
     * 判断当前请求是否满足权限,权限不足则抛出异常
     *
     * @param authentication    登录成功时得到的认证信息实例
     * @param configAuthorities 配置的访问资源需要的权限集合
     * @author zhaodc
     * @since 2021/10/21 14:19
     */
    protected void decide(Authentication authentication, Collection<String> configAuthorities) throws AccessDeniedException {
        Collection<String> authorities = authentication.getAuthorities();
        // 获取访问资源需要的权限
        if (null == authorities || authorities.size() == 0) {
            throw new AccessDeniedException("没有权限进行此操作");
        }
        //权限校验

    }

}
